RubyGems - kubernetes-deploy - Versions diffs - 0.22.0 → 0.23.0 - Mend

kubernetes-deploy 0.22.0 → 0.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

checksums.yaml +5 -5
data/.rubocop.yml +8 -0
data/CHANGELOG.md +16 -0
data/README.md +32 -0
data/exe/kubernetes-deploy +2 -15
data/exe/kubernetes-render +32 -0
data/kubernetes-deploy.gemspec +5 -3
data/lib/kubernetes-deploy.rb +5 -3
data/lib/kubernetes-deploy/cluster_resource_discovery.rb +34 -0
data/lib/kubernetes-deploy/container_logs.rb +25 -13
data/lib/kubernetes-deploy/deploy_task.rb +68 -50
data/lib/kubernetes-deploy/errors.rb +1 -0
data/lib/kubernetes-deploy/formatted_logger.rb +16 -2
data/lib/kubernetes-deploy/kubeclient_builder/google_friendly_config.rb +4 -6
data/lib/kubernetes-deploy/kubectl.rb +20 -9
data/lib/kubernetes-deploy/kubernetes_resource.rb +5 -6
data/lib/kubernetes-deploy/kubernetes_resource/cloudsql.rb +3 -4
data/lib/kubernetes-deploy/kubernetes_resource/daemon_set.rb +4 -5
data/lib/kubernetes-deploy/kubernetes_resource/deployment.rb +7 -8
data/lib/kubernetes-deploy/kubernetes_resource/memcached.rb +4 -5
data/lib/kubernetes-deploy/kubernetes_resource/pod.rb +7 -5
data/lib/kubernetes-deploy/kubernetes_resource/pod_set_base.rb +12 -6
data/lib/kubernetes-deploy/kubernetes_resource/redis.rb +5 -6
data/lib/kubernetes-deploy/kubernetes_resource/replica_set.rb +23 -5
data/lib/kubernetes-deploy/kubernetes_resource/role.rb +22 -0
data/lib/kubernetes-deploy/kubernetes_resource/service.rb +8 -4
data/lib/kubernetes-deploy/kubernetes_resource/stateful_set.rb +2 -3
data/lib/kubernetes-deploy/oj.rb +4 -0
data/lib/kubernetes-deploy/options_helper.rb +27 -0
data/lib/kubernetes-deploy/remote_logs.rb +10 -4
data/lib/kubernetes-deploy/render_task.rb +119 -0
data/lib/kubernetes-deploy/renderer.rb +1 -1
data/lib/kubernetes-deploy/resource_cache.rb +64 -0
data/lib/kubernetes-deploy/resource_watcher.rb +27 -6
data/lib/kubernetes-deploy/restart_task.rb +5 -6
data/lib/kubernetes-deploy/runner_task.rb +6 -10
data/lib/kubernetes-deploy/statsd.rb +60 -7
data/lib/kubernetes-deploy/template_discovery.rb +15 -0
data/lib/kubernetes-deploy/version.rb +1 -1
data/pull_request_template.md +8 -0
metadata +47 -5
data/lib/kubernetes-deploy/resource_discovery.rb +0 -19
data/lib/kubernetes-deploy/sync_mediator.rb +0 -80

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 93fa4f3f00a9ff96a2dfc20fa26ead2ccf77d5e2
-  data.tar.gz: 6b1e6a305c64c94ffb1cb38b5f7d722ba2e11fd6
+SHA256:
+  metadata.gz: 01ddead06a28a399d7364d5789c2bcb1cee0e0aa4ae471a4af1a90c32973050b
+  data.tar.gz: ebcedef932871bd542db69bc0b48fb6f47f2482c712aa9380a79cb872b6c3e82
 SHA512:
-  metadata.gz: 88e0586648309f18d49b7d7e27650edd273bc0fdef8ae9bb0a0aa639ed6e4016fb0d7c6d2a1c25caede0774bb5fdc30b79d100e0ade49fcd6dd1a3823d20dc3a
-  data.tar.gz: a2ae7f6b727838b2c090c4208d0d321dee080902f8a50057c62f53691888294121211b863225945d5178ceea24876299e49ebdee1bc70f911e66eafd129e28fe
+  metadata.gz: 837dcaf96f89beae9f9a57ceb207595d602f1e039217007750112828a8076d0337c17bb6a75bcc2d5a5a8c531f8b0db363a19293d5dc6ce011cdd70440c888a7
+  data.tar.gz: e8e6484dbfae1b867542a02c39f7c96ed4434ab3f900f49fea72523466ea9be23ce2d1f2209d9fb609b7e71af63d1c047ab6f98f756ec28eef8bb47245fb9180

data/.rubocop.yml CHANGED

@@ -9,3 +9,11 @@ Style/TrailingCommaInArrayLiteral:
 Style/TrailingCommaInHashLiteral:
   Enabled: false
+Style/MethodCallWithArgsParentheses:
+  Enabled: false
+Naming/FileName:
+  Enabled: true
+  Exclude:
+    - lib/kubernetes-deploy.rb

data/CHANGELOG.md CHANGED

@@ -1,3 +1,19 @@
+## 0.23.0
+*Features*
+- New command: `kubernetes-render` is a tool for rendering ERB templates to raw Kubernetes YAML. It's useful for seeing what `kubernetes-deploy` does before actually invoking `kubectl` on the rendered YAML. It's also useful for outputting YAML that can be passed to other tools, for validation or introspection purposes. ([#375](https://github.com/Shopify/kubernetes-deploy/pull/375/files))
+- **[Breaking change]** This release completes the conversion of `kubernetes-deploy` StatsD metrics to `distribution`s, which was done for `kubernetes-restart` and `kubernetes-run` in v0.22.0.
+- Several new distribution metrics are available to give insight into the timing of each step of the deploy process: `KubernetesDeploy.validate_configuration.duration`, `KubernetesDeploy.discover_resources.duration`, `KubernetesDeploy.validate_resources.duration`, `KubernetesDeploy.initial_status.duration`, `KubernetesDeploy.create_ejson_secrets.duration`, `KubernetesDeploy.apply_all.duration`, `KubernetesDeploy.sync.duration`
+- **[Breaking change]** `KubernetesDeploy.resource.duration` no longer includes `sha` or `resource` tags. ([#392](https://github.com/Shopify/kubernetes-deploy/pull/392))
+*Enhancements*
+- Roles are now predeployed before RoleBindings ([#380](https://github.com/Shopify/kubernetes-deploy/pull/380))
+- Several performance enhancements for deploys to namespaces with hundreds of resources.
+- KubernetesDeploy no longer modifies the global StatsD configuration when used as a gem ([#384](https://github.com/Shopify/kubernetes-deploy/pull/384))
+*Bug fixes*
+- Handle out-of-order arrival of entries from different streams when processing logs ([#401](https://github.com/Shopify/kubernetes-deploy/pull/401))
 ## 0.22.0
 *Features*

data/README.md CHANGED

@@ -50,6 +50,10 @@ This repo also includes related tools for [running tasks](#kubernetes-run) and [
 * [Prerequisites](#prerequisites-1)
 * [Usage](#usage-2)
+**KUBERNETES-RENDER**
+* [Prerequisites](#prerequisites-2)
+* [Usage](#usage-3)
 **DEVELOPMENT**
 * [Setup](#setup)
 * [Running the test suite locally](#running-the-test-suite-locally)
@@ -371,6 +375,34 @@ Based on this specification `kubernetes-run` will create a new pod with the entr
+# kubernetes-render
+`kubernetes-render` is a tool for rendering ERB templates to raw Kubernetes YAML. It's useful for seeing what `kubernetes-deploy` does before actually invoking `kubectl` on the rendered YAML. It's also useful for outputting YAML that can be passed to other tools, for validation or introspection purposes.
+## Prerequisites
+ * `kubernetes-render` does __not__ require a running cluster or an active kubernetes context, which is nice if you want to run it in a CI environment, potentially alongside something like https://github.com/garethr/kubeval to make sure your configuration is sound.
+ * Like the other `kubernetes-deploy` commands, `kubernetes-render` requires the `$REVISION` environment variable to be set, and will make it available as `current_sha` in your ERB templates.
+## Usage
+To render all templates in your template dir, run:
+```
+kubernetes-render --template-dir=./path/to/template/dir
+```
+To render some templates in a template dir, run kubernetes-render with the names of the templates to render:
+```
+kubernetes-render --template-dir=./path/to/template/dir this-template.yaml.erb that-template.yaml.erb
+```
+*Options:*
+- `--template-dir=DIR`: Used to set the directory to interpret template names relative to. This is often the same directory passed as `--template-dir` when running `kubernetes-deploy` to actually deploy templates. Set `$ENVIRONMENT` instead to use `config/deploy/$ENVIRONMENT`.
+- `--bindings=BINDINGS`: Makes additional variables available to your ERB templates. For example, `kubernetes-render --bindings=color=blue,size=large some-template.yaml.erb` will expose `color` and `size` to `some-template.yaml.erb`.
 # Development

data/exe/kubernetes-deploy CHANGED

@@ -40,23 +40,10 @@ ARGV.options do |opts|
   opts.parse!
 end
-if !template_dir && ENV.key?("ENVIRONMENT")
-  template_dir = "config/deploy/#{ENV['ENVIRONMENT']}"
-end
-if !template_dir || template_dir.empty?
-  puts "Template directory is unknown. " \
-    "Either specify --template-dir argument or set $ENVIRONMENT to use config/deploy/$ENVIRONMENT as a default path."
-  exit 1
-end
-revision = ENV.fetch('REVISION') do
-  puts "ENV['REVISION'] is missing. Please specify the commit SHA"
-  exit 1
-end
 namespace = ARGV[0]
 context = ARGV[1]
+template_dir = KubernetesDeploy::OptionsHelper.default_and_check_template_dir(template_dir)
+revision = KubernetesDeploy::OptionsHelper.revision_from_environment
 logger = KubernetesDeploy::FormattedLogger.build(namespace, context, verbose_prefix: verbose_log_prefix)
 runner = KubernetesDeploy::DeployTask.new(

data/exe/kubernetes-render ADDED

@@ -0,0 +1,32 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+require 'kubernetes-deploy'
+require 'kubernetes-deploy/render_task'
+require 'optparse'
+template_dir = nil
+bindings = {}
+ARGV.options do |opts|
+  opts.on("--bindings=BINDINGS", "Expose additional variables to ERB templates " \
+    "(format: k1=v1,k2=v2, JSON string or file (JSON or YAML) path prefixed by '@')") do |binds|
+    bindings.merge!(KubernetesDeploy::BindingsParser.parse(binds))
+  end
+  opts.on("--template-dir=DIR", "Set the template dir (default: config/deploy/$ENVIRONMENT)") { |v| template_dir = v }
+  opts.parse!
+end
+templates = ARGV
+logger = KubernetesDeploy::FormattedLogger.build(verbose_prefix: false)
+revision = KubernetesDeploy::OptionsHelper.revision_from_environment
+runner = KubernetesDeploy::RenderTask.new(
+  logger: logger,
+  current_sha: revision,
+  template_dir: template_dir,
+  bindings: bindings,
+)
+success = runner.run(STDOUT, templates)
+exit 1 unless success

data/kubernetes-deploy.gemspec CHANGED

@@ -15,12 +15,12 @@ Gem::Specification.new do |spec|
   spec.homepage      = "https://github.com/Shopify/kubernetes-deploy"
   spec.license       = "MIT"
-  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+  spec.files         = %x(git ls-files -z).split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
   end
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = %w(lib)
   spec.required_ruby_version = '>= 2.3.0'
   spec.add_dependency "activesupport", ">= 5.0"
@@ -28,7 +28,9 @@ Gem::Specification.new do |spec|
   spec.add_dependency "googleauth", "~> 0.6.6" # https://github.com/google/google-auth-library-ruby/issues/153
   spec.add_dependency "ejson", "~> 1.0"
   spec.add_dependency "colorize", "~> 0.8"
-  spec.add_dependency "statsd-instrument", "~> 2.3"
+  spec.add_dependency "statsd-instrument", '~> 2.3', '>= 2.3.2'
+  spec.add_dependency "oj", "~> 3.7"
+  spec.add_dependency "concurrent-ruby", "~> 1.1"
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "rake", "~> 10.0"

data/lib/kubernetes-deploy.rb CHANGED

@@ -11,16 +11,18 @@ require 'active_support/duration'
 require 'colorized_string'
 require 'kubernetes-deploy/version'
+require 'kubernetes-deploy/oj'
 require 'kubernetes-deploy/errors'
 require 'kubernetes-deploy/formatted_logger'
-require 'kubernetes-deploy/deploy_task'
+require 'kubernetes-deploy/options_helper'
 require 'kubernetes-deploy/statsd'
+require 'kubernetes-deploy/deploy_task'
 require 'kubernetes-deploy/concurrency'
 require 'kubernetes-deploy/bindings_parser'
 require 'kubernetes-deploy/duration_parser'
-require 'kubernetes-deploy/sync_mediator'
+require 'kubernetes-deploy/resource_cache'
 module KubernetesDeploy
   MIN_KUBE_VERSION = '1.9.0'
-  KubernetesDeploy::StatsD.build
+  StatsD.build
 end

data/lib/kubernetes-deploy/cluster_resource_discovery.rb ADDED

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+module KubernetesDeploy
+  class ClusterResourceDiscovery
+    def initialize(namespace:, context:, logger:, namespace_tags:)
+      @namespace = namespace
+      @context = context
+      @logger = logger
+      @namespace_tags = namespace_tags
+    end
+    def crds
+      @crds ||= fetch_crds.map do |cr_def|
+        CustomResourceDefinition.new(namespace: @namespace, context: @context, logger: @logger,
+          definition: cr_def, statsd_tags: @namespace_tags)
+      end
+    end
+    private
+    def fetch_crds
+      raw_json, _, st = kubectl.run("get", "CustomResourceDefinition", "-a", "--output=json", attempts: 5)
+      if st.success?
+        JSON.parse(raw_json)["items"]
+      else
+        []
+      end
+    end
+    def kubectl
+      @kubectl ||= Kubectl.new(namespace: @namespace, context: @context, logger: @logger, log_failure_by_default: true)
+    end
+  end
+end

data/lib/kubernetes-deploy/container_logs.rb CHANGED

@@ -5,18 +5,20 @@ module KubernetesDeploy
     DEFAULT_LINE_LIMIT = 250
-    def initialize(parent_id:, container_name:, logger:)
+    def initialize(parent_id:, container_name:, namespace:, context:, logger:)
       @parent_id = parent_id
       @container_name = container_name
+      @namespace = namespace
+      @context = context
       @logger = logger
       @lines = []
       @next_print_index = 0
     end
-    def sync(kubectl)
-      new_logs = fetch_latest(kubectl)
+    def sync
+      new_logs = fetch_latest
       return unless new_logs.present?
-      @lines += deduplicate(new_logs)
+      @lines += sort_and_deduplicate(new_logs)
     end
     def empty?
@@ -39,7 +41,7 @@ module KubernetesDeploy
     private
-    def fetch_latest(kubectl)
+    def fetch_latest
       cmd = ["logs", @parent_id, "--container=#{container_name}", "--timestamps"]
       cmd << if @last_timestamp.present?
         "--since-time=#{rfc3339_timestamp(@last_timestamp)}"
@@ -50,22 +52,32 @@ module KubernetesDeploy
       out.split("\n")
     end
+    def kubectl
+      @kubectl ||= Kubectl.new(namespace: @namespace, context: @context, logger: @logger, log_failure_by_default: false)
+    end
     def rfc3339_timestamp(time)
       time.strftime("%FT%T.%N%:z")
     end
-    def deduplicate(logs)
-      deduped = []
-      check_for_duplicate = true
+    def sort_and_deduplicate(logs)
+      parsed_lines = logs.map { |line| split_timestamped_line(line) }
+      sorted_lines = parsed_lines.sort do |(timestamp1, _msg1), (timestamp2, _msg2)|
+        if timestamp1.nil?
+          -1
+        elsif timestamp2.nil?
+          1
+        else
+          timestamp1 <=> timestamp2
+        end
+      end
-      logs.each do |line|
-        timestamp, msg = split_timestamped_line(line)
-        next if check_for_duplicate && likely_duplicate?(timestamp)
-        check_for_duplicate = false # logs are ordered, so once we've seen a new one, assume all subsequent logs are new
+      deduped = []
+      sorted_lines.each do |timestamp, msg|
+        next if likely_duplicate?(timestamp)
         @last_timestamp = timestamp if timestamp
         deduped << msg
       end
       deduped
     end

data/lib/kubernetes-deploy/deploy_task.rb CHANGED

@@ -38,11 +38,13 @@ require 'kubernetes-deploy/kubectl'
 require 'kubernetes-deploy/kubeclient_builder'
 require 'kubernetes-deploy/ejson_secret_provisioner'
 require 'kubernetes-deploy/renderer'
-require 'kubernetes-deploy/resource_discovery'
+require 'kubernetes-deploy/cluster_resource_discovery'
+require 'kubernetes-deploy/template_discovery'
 module KubernetesDeploy
   class DeployTask
     include KubeclientBuilder
+    extend KubernetesDeploy::StatsD::MeasureMethods
     PREDEPLOY_SEQUENCE = %w(
       ResourceQuota
@@ -52,6 +54,7 @@ module KubernetesDeploy
       ConfigMap
       PersistentVolumeClaim
       ServiceAccount
+      Role
       RoleBinding
       Pod
     )
@@ -85,7 +88,7 @@ module KubernetesDeploy
         policy/v1beta1/PodDisruptionBudget
         batch/v1beta1/CronJob
       )
-      wl + cluster_resource_discoverer.crds(@sync_mediator).select(&:prunable?).map(&:group_version_kind)
+      wl + cluster_resource_discoverer.crds.select(&:prunable?).map(&:group_version_kind)
     end
     def server_version
@@ -108,7 +111,6 @@ module KubernetesDeploy
         logger: @logger,
         bindings: bindings,
       )
-      @sync_mediator = SyncMediator.new(namespace: @namespace, context: @context, logger: @logger)
     end
     def run(*args)
@@ -124,33 +126,16 @@ module KubernetesDeploy
       @logger.phase_heading("Initializing deploy")
       validate_configuration(allow_protected_ns: allow_protected_ns, prune: prune)
-      confirm_context_exists
-      confirm_namespace_exists
-      @namespace_tags |= tags_from_namespace_labels
       resources = discover_resources
-      validate_definitions(resources)
+      validate_resources(resources)
       @logger.phase_heading("Checking initial resource statuses")
-      @sync_mediator.sync(resources)
-      resources.each { |r| @logger.info(r.pretty_status) }
-      ejson = EjsonSecretProvisioner.new(
-        namespace: @namespace,
-        context: @context,
-        template_dir: @template_dir,
-        logger: @logger,
-        prune: prune,
-      )
-      if ejson.secret_changes_required?
-        @logger.phase_heading("Deploying kubernetes secrets from #{EjsonSecretProvisioner::EJSON_SECRETS_FILE}")
-        ejson.run
-      end
+      check_initial_status(resources)
+      create_ejson_secrets(prune)
       if deploy_has_priority_resources?(resources)
         @logger.phase_heading("Predeploying priority resources")
-        start_priority_resource = Time.now.utc
         predeploy_priority_resources(resources)
-        ::StatsD.measure('priority_resources.duration', StatsD.duration(start_priority_resource), tags: statsd_tags)
       end
       @logger.phase_heading("Deploying all resources")
@@ -159,9 +144,7 @@ module KubernetesDeploy
       end
       if verify_result
-        start_normal_resource = Time.now.utc
-        deploy_resources(resources, prune: prune, verify: true)
-        ::StatsD.measure('normal_resources.duration', StatsD.duration(start_normal_resource), tags: statsd_tags)
+        deploy_all_resources(resources, prune: prune, verify: true)
         failed_resources = resources.reject(&:deploy_succeeded?)
         success = failed_resources.empty?
         if !success && failed_resources.all?(&:deploy_timed_out?)
@@ -169,7 +152,7 @@ module KubernetesDeploy
         end
         raise FatalDeploymentError unless success
       else
-        deploy_resources(resources, prune: prune, verify: false)
+        deploy_all_resources(resources, prune: prune, verify: false)
         @logger.summary.add_action("deployed #{resources.length} #{'resource'.pluralize(resources.length)}")
         warning = <<~MSG
           Deploy result verification is disabled for this deploy.
@@ -177,32 +160,37 @@ module KubernetesDeploy
         MSG
         @logger.summary.add_paragraph(ColorizedString.new(warning).yellow)
       end
-      ::StatsD.event("Deployment of #{@namespace} succeeded",
+      StatsD.event("Deployment of #{@namespace} succeeded",
         "Successfully deployed all #{@namespace} resources to #{@context}",
         alert_type: "success", tags: statsd_tags << "status:success")
-      ::StatsD.measure('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:success")
+      StatsD.distribution('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:success")
       @logger.print_summary(:success)
     rescue DeploymentTimeoutError
       @logger.print_summary(:timed_out)
-      ::StatsD.event("Deployment of #{@namespace} timed out",
+      StatsD.event("Deployment of #{@namespace} timed out",
         "One or more #{@namespace} resources failed to deploy to #{@context} in time",
         alert_type: "error", tags: statsd_tags << "status:timeout")
-      ::StatsD.measure('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:timeout")
+      StatsD.distribution('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:timeout")
       raise
     rescue FatalDeploymentError => error
       @logger.summary.add_action(error.message) if error.message != error.class.to_s
       @logger.print_summary(:failure)
-      ::StatsD.event("Deployment of #{@namespace} failed",
+      StatsD.event("Deployment of #{@namespace} failed",
         "One or more #{@namespace} resources failed to deploy to #{@context}",
         alert_type: "error", tags: statsd_tags << "status:failed")
-      ::StatsD.measure('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:failed")
+      StatsD.distribution('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:failed")
       raise
     end
     private
     def cluster_resource_discoverer
-      ResourceDiscovery.new(namespace: @namespace, context: @context, logger: @logger, namespace_tags: @namespace_tags)
+      @cluster_resource_discoverer ||= ClusterResourceDiscovery.new(
+        namespace: @namespace,
+        context: @context,
+        logger: @logger,
+        namespace_tags: @namespace_tags
+      )
     end
     def deploy_has_priority_resources?(resources)
@@ -219,7 +207,7 @@ module KubernetesDeploy
         fail_count = failed_resources.length
         if fail_count > 0
           KubernetesDeploy::Concurrency.split_across_threads(failed_resources) do |r|
-            r.sync_debug_info(@sync_mediator.kubectl)
+            r.sync_debug_info(kubectl)
           end
           failed_resources.each { |r| @logger.summary.add_paragraph(r.debug_message) }
           raise FatalDeploymentError, "Failed to deploy #{fail_count} priority #{'resource'.pluralize(fail_count)}"
@@ -227,8 +215,9 @@ module KubernetesDeploy
         @logger.blank_line
       end
     end
+    measure_method(:predeploy_priority_resources, 'priority_resources.duration')
-    def validate_definitions(resources)
+    def validate_resources(resources)
       KubernetesDeploy::Concurrency.split_across_threads(resources) { |r| r.validate_definition(kubectl) }
       failed_resources = resources.select(&:validation_failed?)
       return unless failed_resources.present?
@@ -239,14 +228,35 @@ module KubernetesDeploy
       end
       raise FatalDeploymentError, "Template validation failed"
     end
+    measure_method(:validate_resources)
+    def check_initial_status(resources)
+      cache = ResourceCache.new(@namespace, @context, @logger)
+      KubernetesDeploy::Concurrency.split_across_threads(resources) { |r| r.sync(cache) }
+      resources.each { |r| @logger.info(r.pretty_status) }
+    end
+    measure_method(:check_initial_status, "initial_status.duration")
+    def create_ejson_secrets(prune)
+      ejson = EjsonSecretProvisioner.new(
+        namespace: @namespace,
+        context: @context,
+        template_dir: @template_dir,
+        logger: @logger,
+        prune: prune,
+      )
+      return unless ejson.secret_changes_required?
+      @logger.phase_heading("Deploying kubernetes secrets from #{EjsonSecretProvisioner::EJSON_SECRETS_FILE}")
+      ejson.run
+    end
+    measure_method(:create_ejson_secrets)
     def discover_resources
       resources = []
       @logger.info("Discovering templates:")
-      Dir.foreach(@template_dir) do |filename|
-        next unless filename.end_with?(".yml.erb", ".yml", ".yaml", ".yaml.erb")
+      TemplateDiscovery.new(@template_dir).templates.each do |filename|
         split_templates(filename) do |r_def|
           r = KubernetesResource.build(namespace: @namespace, context: @context, logger: @logger,
                                        definition: r_def, statsd_tags: @namespace_tags)
@@ -260,11 +270,12 @@ module KubernetesDeploy
       end
       resources
     end
+    measure_method(:discover_resources)
     def split_templates(filename)
       file_content = File.read(File.join(@template_dir, filename))
       rendered_content = @renderer.render_template(filename, file_content)
-      YAML.load_stream(rendered_content) do |doc|
+      YAML.load_stream(rendered_content, "<rendered> #{filename}") do |doc|
         next if doc.blank?
         unless doc.is_a?(Hash)
           raise InvalidTemplateError.new("Template is not a valid Kubernetes manifest",
@@ -283,15 +294,11 @@ module KubernetesDeploy
     def record_invalid_template(err:, filename:, content:)
       debug_msg = ColorizedString.new("Invalid template: #{filename}\n").red
-      debug_msg += "> Error message:\n#{indent_four(err)}"
-      debug_msg += "\n> Template content:\n#{indent_four(content)}"
+      debug_msg += "> Error message:\n#{FormattedLogger.indent_four(err)}"
+      debug_msg += "\n> Template content:\n#{FormattedLogger.indent_four(content)}"
       @logger.summary.add_paragraph(debug_msg)
     end
-    def indent_four(str)
-      "    " + str.gsub("\n", "\n    ")
-    end
     def validate_configuration(allow_protected_ns:, prune:)
       errors = []
       if ENV["KUBECONFIG"].blank?
@@ -340,8 +347,12 @@ module KubernetesDeploy
         raise FatalDeploymentError, "Configuration invalid"
       end
+      confirm_context_exists
+      confirm_namespace_exists
+      @namespace_tags |= tags_from_namespace_labels
       @logger.info("All required parameters and files are present")
     end
+    measure_method(:validate_configuration)
     def deploy_resources(resources, prune: false, verify:, record_summary: true)
       return if resources.empty?
@@ -388,12 +399,17 @@ module KubernetesDeploy
       apply_all(applyables, prune)
       if verify
-        watcher = ResourceWatcher.new(resources: resources, sync_mediator: @sync_mediator,
-          logger: @logger, deploy_started_at: deploy_started_at, timeout: @max_watch_seconds)
+        watcher = ResourceWatcher.new(resources: resources, logger: @logger, deploy_started_at: deploy_started_at,
+          timeout: @max_watch_seconds, namespace: @namespace, context: @context, sha: @current_sha)
         watcher.run(record_summary: record_summary)
       end
     end
+    def deploy_all_resources(resources, prune: false, verify:, record_summary: true)
+      deploy_resources(resources, prune: prune, verify: verify, record_summary: record_summary)
+    end
+    measure_method(:deploy_all_resources, 'normal_resources.duration')
     def apply_all(resources, prune)
       return unless resources.present?
       command = %w(apply)
@@ -421,6 +437,7 @@ module KubernetesDeploy
         end
       end
     end
+    measure_method(:apply_all)
     def log_pruning(kubectl_output)
       pruned = kubectl_output.scan(/^(.*) pruned$/)
@@ -446,8 +463,9 @@ module KubernetesDeploy
       end
       if unidentified_errors.present?
-        msg = "#{ColorizedString.new('Unidentified error(s):').red}\n#{indent_four(unidentified_errors.join)}"
-        @logger.summary.add_paragraph(msg)
+        heading = ColorizedString.new('Unidentified error(s):').red
+        msg = FormattedLogger.indent_four(unidentified_errors.join)
+        @logger.summary.add_paragraph("#{heading}\n#{msg}")
       end
     end